this batch of fixes should be pretty straightforward
rename of 'index' and an 'i' local variable shadowing.
'index' conflicts with a global name.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
found by code inspection. There are many other places in
CFI where LOG_ERROR() should be called similarly...
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
when a write/unlock/erase failed during write_image, then
an error was not propagated back up so e.g. flash write
image from tcl scripts would not throw an exception.
Also flash filling speed was printed even when the
operation failed. Output is now less confusing.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
failure to write to memory was not propagated.
This is an interesting case of broken error handling:
with exceptions we wouldn't have had this at all,
and I also wonder if there is a GCC option to warn
about these kinds of potential bugs.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Parameter "type" of function armv4_5_mmu_translate_va()
is now not used.
Remove the parameter and the "enum" listing its values.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Function armv4_5_mmu_translate_va() now properly signals
errors in the return value.
Remove former error handling by setting variable "type" to
value "-1".
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Function arm920t_write_memory() default return value
should be ERROR_OK.
All cases of local errors are handled immediately and
not further propagated.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Commit 0538081246
introduces a compile time warning:
arm920t.c: In function ‘arm920t_write_memory’:
arm920t.c:567: warning: ‘retval’ may be used uninitialized in this function
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
any read/write operation to memory can fail.
block write algorithm error propagation was broken
in that it would continue after an error was reported
writing data to ram or the algorithm failing.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
GDB and OpenOCD has two different error number
spaces and no mapping exists between them.
If a specific error number is to be reported
to GDB then this has to be done at the calling
site, rather than as a generic routine that
tries to map "retval" to GDB error number speak.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
JTAG_MOVESTATE is misleading, this cmd is only used
for reset.
JTAG_PATHMOVE should be used otherwise.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Hello,
"stm32x mass_erase" return ERROR_OK even if something goes wrong.
Here is a summary of changes :
* in stm32x_mass_erase : return ERROR_FLASH_OPERATION_FAILED when error
detected in FLASH_SR register;
* in COMMAND_HANDLER(stm32x_handle_mass_erase_command) : return the
returned value of stm32x_mass_erase().
I don't know if there is reason to always return ERROR_OK ?
Gaëtan
ETM analyze produced no output when the trace buffer was empty.
This patch provides users with a clue.
Signed-off-by: Jon Povey <jon.povey@racelogic.co.uk>
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
When a flash cmd is called using the flash name the autoprobe
function is not called. autoprobe is called if flash_command_get_bank
falls through to get_flash_bank_by_num.
This makes both get_flash_bank_by_name and get_flash_bank_by_num
behave the same.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
This adds a virtual flash bank driver that allows virtual banks to
be defined that refer to an existing flash bank.
For example the real address for bank0 on the pic32 is 0x1fc00000
but the user program will either be in kseg0 (0xbfc00000) or
kseg1 (0x9fc00000).
This also means that gdb will be aware of all the read only flash
addresses.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Every time command "flash probe #" is executed, memory
structures are re-allocated without preventive free()
of former areas, causing memory leak.
Also, memory allocation does not check return value,
determining segmentation fault in case of out of memory.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
We request a id register read at the end of ahbap_debugport_init
but we never actually run the queue. In some cases this causes a
segfault.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
This patch add support of iMX27 nand flash controller. This is based on
driver for imx31 nand flash controller.
OOB functionality is not fully working. As in mx31 controller, mx2 NFC
has a bug that swap two bytes between SPARE and MAIN buffer.
I used this driver for several months and no problems appear.
This second half of the patch is proposed to clean up some GDB keep alive
issues on arm7_9 targets that start up with very slow clocks. If an attempt
is made to write to key registers on the processor with a slow jtag speed,
GDB timeout warnings appear on the console (at least mine) when "reset halt"
or "reset init" commands are issued from the gdb client:
*** BEFORE PATCH ***
(gdb) monitor reset init
fast memory access is disabled
2 kHz
keep_alive() was not invoked in the 1000ms timelimit. GDB alive packet not
sent! (1026). Workaround: increase "set remotetimeout" in GDB
JTAG tap: at91sam9g20.cpu tap/device found: 0x0792603f (mfg: 0x01f, part:
0x7926, ver: 0x0)
target state: halted
target halted in ARM state due to breakpoint, current mode: Supervisor
cpsr: 0x000000d3 pc: 0x00000000
MMU: disabled, D-Cache: disabled, I-Cache: disabled
keep_alive() was not invoked in the 1000ms timelimit. GDB alive packet not
sent! (1027). Workaround: increase "set remotetimeout" in GDB
keep_alive() was not invoked in the 1000ms timelimit. GDB alive packet not
sent! (1006). Workaround: increase "set remotetimeout" in GDB
keep_alive() was not invoked in the 1000ms timelimit. GDB alive packet not
sent! (1006). Workaround: increase "set remotetimeout" in GDB
keep_alive() was not invoked in the 1000ms timelimit. GDB alive packet not
sent! (1006). Workaround: increase "set remotetimeout" in GDB
keep_alive() was not invoked in the 1000ms timelimit. GDB alive packet not
sent! (1004). Workaround: increase "set remotetimeout" in GDB
RCLK - adaptive
dcc downloads are enabled
fast memory access is enabled
NAND flash device 'NAND 256MiB 3,3V 8-bit' found
(gdb)
I added additional keep alive steps in areas that troubleshooting revealed
were causing problems. I only did this however for non-fast write memory
accesses. I don't think most people would be using fast memory accesses to
write to memory when the jtag and system clocks are slow anyway.
If you disagree with my feeling, think there is a more elegant way to handle
the problem, or think the patch will cause other unforeseen problems with
other targets, let me know. As you can see below, the patch does eliminate
the problem on my development station and I suspect that it will benefit
others.
*** AFTER PATCH ***
(gdb) monitor reset init
fast memory access is disabled
2 kHz
JTAG tap: at91sam9g20.cpu tap/device found: 0x0792603f (mfg: 0x01f, part:
0x7926, ver: 0x0)
target state: halted
target halted in ARM state due to breakpoint, current mode: Supervisor
cpsr: 0x000000d3 pc: 0x00000000
MMU: disabled, D-Cache: disabled, I-Cache: disabled
RCLK - adaptive
dcc downloads are enabled
fast memory access is enabled
NAND flash device 'NAND 256MiB 3,3V 8-bit' found
(gdb)
Gary Carlson
Gary Carlson, MSEE
Principal Engineer
Carlson-Minot Inc.
tcl "puts" didn't work because the logging code sensored strings
that did not include a '\n'. The correct thing is to sensor
empty strings, which are used to keep gdb connection alive.
The tcl "puts" code broke apart strings which do contain '\n' in
order to implement the -nonewline argument, which is how it
got hurt by the bug in log.c
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Page reads using hwecc4_infix layout segfaulted for check_bad_blocks because
the read assumed a valid data buffer, which check_bad_blocks does not use
(it only passes a 6 byte buffer for the start of OOB).
This version copes with undersized or missing data or oob buffers and uses
random read commands within the page to skip unwanted areas of data/OOB for
speed.
NOTE: Running check_bad_blocks with this layout will be reading infix
OOB locations, not manufacturer bad block markers. This means that if you
check blocks written in infix layout they will appear good, but manufacturer-
marked bad blocks may also appear good.
If you want to scan for manufactuer-marked bad blocks, you need to enable
raw_access before running check_bad_blocks, or use the non-infix layout.
Signed-off-by: Jon Povey <jon.povey@racelogic.co.uk>
CC: David Brownell <dbrownell@users.sourceforge.net>
nand_build_bbt() was ignoring the return value from nand_read_page() and
blindly continuing.
It now passes the return value up to the caller if the read fails.
Signed-off-by: Jon Povey <jon.povey@racelogic.co.uk>
The gdb_memory_map cmd for example fell through and returned
ERROR_COMMAND_SYNTAX_ERROR on success - behaviour is now as expected.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Change download rate messages about kibibytes from "kb/s" to "KiB/s" units.
See: http://en.wikipedia.org/wiki/Data_rate_units
Signed-off-by: Jon Povey <jon.povey@racelogic.co.uk>
Remove few LOG_DEBUG() messages, together with code and
variables required to build such messages.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Final step to force bus_width size during CFI flash
read.
Added CFI specific implementation cfi_read() that uses
only accesses at bus_width size.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Final target is to force bus_width size during CFI flash
read.
In this first step I need to replace default flash read
with flash specific implementation.
This patch introduces:
- flash_driver_read() layer;
- default_flash_read(), backward compatible;
- read() callback in struct flash_driver;
- proper initialization in every flash_driver instance.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
During cfi_write(), head and tail of destination area
could be not aligned to bus_width.
Since write operation must be at bus_width size, source
buffer size is extended and buffer padded with current
values read from flash.
Force using bus_width to read current value from flash.
Do not use cfi_add_byte() anymore, to allow removing this
function later on.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
NOR flash structure requires each access to be bus_width wide.
Fix read of flash ID accordingly to rule above.
Add case (chip_width == 4), allowed by CFI spec and coherent
with current value of CFI_MAX_CHIP_WIDTH but currently not
used by any target.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Since NOR flash devices does not handle "byte enable lanes",
each read/write access involves the whole "chip_width".
When multiple devices are in parallel, usually all chips are
enabled during each access.
All such cases are compatible with flash accesses at
"bus_width" size.
Access at "bus_width" size is mandatory for write access to
avoid transferring of garbage values to flash.
During read access the flash controller should take care,
and discard unneeded bytes. Anyway, it is good practice to
use "bus_width" size also for read.
Every memory access that does not respect "bus_width" size
is marked with a "FIXME" comment.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Review and simplify computation of bufferwsize.
Add comments about variables' meaning.
The same code is present 3 times in the file.
Current patch updates all the 3 instances.
Step 1)
Replace "switch(bank->chip_width) {...}".
Illegal values of bank->chip_width are already dropped.
For legal values, the code is equivalent to:
bufferwsize = buffersize / bank->chip_width;
Step 2)
The above code replacement plus the following line:
bufferwsize /= (bank->bus_width / bank->chip_width);
is merged in a single formula:
bufferwsize = (buffersize / bank->chip_width) /
(bank->bus_width / bank->chip_width);
and simplified as:
bufferwsize = buffersize / bank->bus_width;
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Arguments chip_width and bus_width of command "flash bank" are
not fully checked.
While bus_width is later on redundantly checked in several other
parts (e.g. in cfi_command_val()) and generates run-time error,
chip_width is never checked, nor related to actual bus_width
value.
Added check to avoid:
- (chip_width == 0), that would mean no memory chip at all,
avoiding also division by zero e.g. in cfi_get_u8();
- (bus_width == 0), that would mean no bus at all;
- unsupported cases of chip_width or bus_width value not power
of 2;
- unsupported case of chip width wider than bus.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
reproducable when "./configure --enable-maintainer-mode CFLAGS=-D_DEBUG_GDB_IO_"
Signed-off-by: Jun Ma <sync.jma@gmail.com>
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Last block was being skipped, fix by changing the loop test from "<" to "<="
First block argument was ignored, always started from block 0 (and counted
the wrong blocks as bad if first was nonzero). Now we use it.
Signed-off-by: Jon Povey <jon.povey@racelogic.co.uk>
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
The last_block argument to nand_erase() is checked against nand->num_blocks,
but the highest valid block number is (total - 1), the test for invalid should
be ">=" rather than ">".
Signed-off-by: Jon Povey <jon.povey@racelogic.co.uk>
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
flash cmds can now be passed either the bank name or the bank number.
For example.
flash info stm32.flash
flash info 0
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Hi,
This is my first post to the list. First, I would like to thank
everyone for their work on OpenOCD, it is a great tool to work with. I
have been using it to debug code on hardware for the Rockbox project
(www.rockbox.org).
The target that I primarily work with has a Spansion/Fujitsu NOR flash
(MBM29SL800TE). I attached a patch that adds support for this flash. I
hope it can be included in the main repository. If there is something
that needs to be changed with the patch before inclusion please let me
know.
-Karl Kurbjun
The ST/Numonix M29W128G has an issue when a 0xff cmd is sent,
it cause an internal undefined state. The workaround according
to the Numonyx is to send another 0xf0 reset cmd
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
c->sin.sin_port does not contain a valid port number so just use
service->port as this is always correct.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
There are a million reasons why cached protection state might
be stale: power cycling of target, reset, code executing on
the target, etc.
The "flash protect_check" command is now gone. This is *always*
executed when running a "flash info".
As a bonus for more a more robust approach, lots of code could
be deleted.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
This stops GDB from launching with an empty memory map,
making gdb load w/flashing fail for no obvious reason.
The error message points in the direction of the gdb-attach
event that can be set up to issue a halt or "reset init"
which will put GDB in a well defined stated upon attach
and thus have a robust flash autoprobe.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
No segmentationfault when sending commands to tcl-server.
modified: src/server/server.c
modified: src/server/tcl_server.c
modified: src/server/tcl_server.h
Various commands, e.g. "arm mcr xxxx" would fail if invoked upon startup
since it there was no command context defined for the jim interpreter
in that case.
A Jim interpreter is now associated with a command context(telnet,
gdb server's) or the default global command context.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Remove/fix lots of bugs in handling of non-contigious sections
and out of order sections.
Fix a gaffe introduced in previous commit to src/flash/nor/core.c
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Remove bogus error messages when trying to allocate a
large chunk of target memory and then falling back to
a smaller one.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
target memory allocation can be implemented not to show
bogus error messages.
E.g. when trying a big allocation first and then a
smaller one if that fails.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
make wait for srst deassert more long latency friendly
(JTAG over TCP/IP), print actual time if it was more than
1ms.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
The current timeout for STM32 flash block erase and flash mass erase is
10 (ms), which is too tight, and fails around 50% of the time for me.
The data sheet for STM32F107VC specifies a maximum erase time of 40 ms
(for both operations).
I'd also consider it a bug that the code does not detect a timeout, but
just assumes that the operation has completed. The attached patch does
not address this bug.
The attached patch increases the timeouts from 10 to 100 ms. Please apply.
/Tobias
Fix a bug where write_image would fail if the sections
in the image were not in ascending order. This has previously
been fixed in gdb load.
Solved by sorting the image sections before running flash
write_image erase unlock foo.elf.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
this is done for unlocking and it is a simple omission that
it wasn't done for sectors.
The unnerving thing is that nobody has complained about this
until now....
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
This patch adds support for the length argument to the xscale implementation of
the wp command. Per discussion with David, the length argument specifies the
range of addresses over which a memory access should generate a debug exception.
This patch utilizes the "mask" feature of the xscale debug hardware to implement
the correct functionality of the length argument. Some limitations imposed by
the hardware are:
- The length must be a power of two, with a minumum of 4.
- Two data breakpoint registers are available, allowing for two watchpoints.
However, if the length of a watchpoint is greater than four, both registers
are used (the second for a mask value), limiting the number of watchpoints
to one.
This patch also removes a useless call to xscale_get_reg(dbcon) in
xscale_set_watchpoint() (value had already been read from the register cache,
and the same previously read value is then modified and written back).
I have been using and testing this patch for a couple days.
Questions, corrections, criticisms of course gratefully received.
If the flash has not yet been probed and GDB connects while the target is
running, the flash probe triggered by GDB's memory map read will fail. In
that case the returned memory map will be empty, causing a subsequent load
from within GDB to fail. There's not much you can do from GDB to recover,
other than a restart; a 'mon reset init' and manual 'mon flash probe' won't
help since GDB has already made up its mind about the memory map.
It seems there's no reason to require the target to be halted when probing
the flash. Remove the check to let a valid memory map be provided to GDB
even when connecting to a running target.
Signed-off-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
The The patch labeled "CFI CORE: bug-fix protect single sector" was merged
rged without some requested bugfixes. Most significantly it broke invariants
in the code, invalidating descriptions and changing the calling convention
for underlying drivers. (It (Also wasn't CFI-specific...)
Fix that, and Include an update from Antonio Borneo for the degenerate
"nothing to do" case, (although that's still in the wrong location. which
is presumably why that is it was working in some cases but not all.)
src/flash/nor/core.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Arguments for "flash bank" command are already
parsed and put in "bank" struct.
Removed code to parse them again.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Syntax of "flash bank" command requires:
- chip_width as CMD_ARGV[3]
- bus_width as CMD_ARGV[4]
Actual code swaps the arguments.
Bug has no run time impact since wrong variables
are only used to check value and both are checked
against same constraint.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
This patch fixes the xscale_analyze_trace() function. This function was
defective for a trace collected in 'fill' mode (hiccups with repeated
instructions) and completely broken when buffer overflowed in 'wrap' mode. The
reason for the latter case is that the checkpoint registers were interpreted
incorrectly when two checkpoints are present in the trace (which will be true in
'wrap' mode once the buffer fills). In this case, checkpoint1 register will
contain the older entry, and checkpoint0 the newer. The original code assumed
the opposite. I eventually gave up trying to understand all the logic of the
function, and rewrote it. I think it's much cleaner and understandable now. I
have been using and testing this for a few weeks now. I'm confident it hasn't
regressed in any way.
Also added capability to handle (as best as possible) the case where an
instruction can not be read from the loaded trace image; e.g., partial image.
This was a 'TODO' comment in the original xscale_analyze_trace().
Outside of xcsale_analyze_trace(), these (related) changes were made:
- Remove pc_ok and current_pc elements from struct xscale_trace. These elements
and associated logic are useless clutter because the very first entry placed
in the trace buffer is always an indirect jump to the address at which
execution resumed. This type of trace entry includes the literal address in
the trace buffer, so the initial address of the trace is immediately
determined from the trace buffer contents and does not need to be recorded
when trace is enabled.
- Added num_checkpoints to struct xscale_trace_data, which is necessary in order
to correctly interpret the checkpoint register contents.
- In xscale_read_trace()
- Fix potential array out-of-bounds condition.
- Eliminate partial address entries when parsing trace (can occur in wrap mode).
- Count and record number of checkpoints in trace.
- Added small, inlined utility function xscale_display_instruction() to help
make the code more concise and clear.
TODO:
- Save processor state (arm or thumb) in struct xscale_trace when trace is
enabled so that trace can be analyzed correctly (currently assumes arm mode).
- Add element to struct xscale_trace that records (when trace is enabled)
whether vector table is relocated high (to 0xffff0000) or not, so that a
branch to an exception vector is traced correctly (curently assumes vectors
at 0x0).
+ virt2phys() can now convert virtual address to real
+ read_memory() and write_memory() are renamed to read_phys_memory()
and write_phys_memory()
+ new read_memory() and write_memory() try to resolve real address if
mmu is enambled than perform real address reading/writing
+ if address is bellow 0xc000000 than TTB0 is used for page table
dereference, if above - than TTB1. Linux style of user/kernel address
separation
+ if above fails (i.e address is unspecified) than mode is checked
whether it is Supervisor (than TTB1) or User (than TTB0)
- Software breakpoints doesn't work. You should invoke
"gdb_breakpoint_override hard" before you start debugging
+ cortex_a8_mmu(), cortex_a8_enable_mmu_caches(),
cortex_a8_disable_mmu_caches() are implemented
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
I'm not sure what caused this significant character to get deleted.
it may be related to intermittent Editor or terminal flakes I've
been seeing lately (sigh). This fix is trivial.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Fixing one bug can easily uncover another .... in this case,
making sure that we properly invalidate some cached NOR state when
resuming arbitrary target code turned up an issue when the code
wasn't quite arbitrary (and we couldn't know that, but some parts
of OpenOCD assumed the cache would not be invalidated.
Specifically: some flash drivers (like CFI) update that state in loops
with downloaded algorithms, thus invalidating the state as it's probed.
+ Add a new target state flag, to record whether the target is
running downloaded algorithm code.
+ Use that flag to add a special case: "trust" downloaded algorithms
not to corrupt that cached state, bypassing cache invalidation.
Also update some of the documentation to stipulate that this flavor of
trustworthiness is now *required* ... not just a fortuitous acident.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
For some reason there are *two* schemes for interposing logic into
the run_algorithm() code path... One is a standard procedural wapper
around the target method invocation.
the other (superfluous) one hacked the method table by splicing
a second procedural wrapper into the method table. Remove it:
* Rename its slightly-more-featureful wrapper so it becomes
the standard procedural wrapper, leaving its added logic
(where it should have been in the first place.
Also add a paranoia check, to report targets that don't
support algorithms without traversing a NULL pointer, and
tweak its code structure a bit so it's easier to modify.
* Get rid of the superfluous/conusing method table hacks.
This is a net simplification, making it simpler to analyse what's
going on, and then interpose logic . ... by ensuring there's only one
natural place for it to live.
------------
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Without this, a system using gcc (GCC) 4.2.4 (Ubuntu 4.2.4-1ubuntu4)
aborts builds after reporting:
tcl.c: In function ‘handle_irscan_command’:
tcl.c:1168: warning: passing argument 1 of ‘buf_set_u32’ discards qualifiers from pointer target type
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Problem: halt at a breakpoint, enable trace buffer ('xscale trace_buffer enable
fill'), then resume. Wait for debug exception when trace buffer fills (if not
sooner due to another breakpoint, vector catch, etc). Instead, never halts.
When halted explicitly from OpenOCD and trace buffer dumped, it contains only
one entry; a branch to the address of the original breakpoint. If the above
steps are repeated, except that the breakpoint is removed before resuming, the
trace buffer fills and the debug exception is generated, as expected.
Cause: related to how a breakpoint is stepped over on resume. The breakpoint is
temporarily removed, and a hardware breakpoint is set on the next instruction
that will execute. xscale_debug_entry() is called when that breakpoint hits.
This function checks if the trace buffer is enabled, and if so reads the trace
buffer from the target and then disables the trace (unless multiple trace
buffers are specified by the user when trace is enabled). Thus you only trace
one instruction before it is disabled.
Solution: kind of a hack on top of a hack, but it's simple. Anything better
would involve some refactoring. This has been tested and trace now works as
intended, except that the very first instruction is not part of the trace when
resuming from a breakpoint.
TODO: still many issues with trace: doesn't work during single-stepping (trace
buffer is flushed each step), 'xscale analyze_trace' works only marginally for
a trace captured in 'fill' mode, and not at all for a trace captured in 'wrap'
mode.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Clean up the jtag/tcl.c file, which was one of the biggest and
messiest ones in that directory. Do it by splitting out all the
generic adapter commands to a separate "adapter.c" file (leaving
the "tcl.c" file holding only JTAG utilities).
Also rename the little-used "jtag interface" to "adapter_name", which
should have been at least re-categorized earlier (it's not jtag-only).
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
The command "flash bank" has updated syntax.
Add the mandatory parameter <target> to the usage message
that prints in case of error.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
first cut peek/poke over tcp/ip, used for debug/research
purposes only. Long term JTAG over TCP/IP might be an
offshoot. The performance is usable for development/testing
purposes.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
I don't know when "poll off" broke, but "poll off" didn't
stop background polling of target. The polling status flag
simply wasn't checked in the handle_target timer callback.
All target polling(including power/reset state) is now stopped
upon "poll off".
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
For testing and checking the build this can be useful,
it doesn't have any practical application outside development.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
The init cleanup patch overlooked a message which was
wrongly specific to the "usbjtag" layout. Fix.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
This patch fixes xscale software breakpoints by cleaning the dcache and
invalidating the icache after the bkpt instruction is inserted or removed. The
icache operation is necessary in order to flush the fetch buffers, even if the
icache is disabled (see section 4.2.7 of the xscale core developer's manual).
The dcache is presumed to be enabled; no harm done if not. The dcache is also
invalidated after cleaning in order to safeguard against a future load of
invalid data, in the event that cache_clean_address points to memory that is
valid and in use.
Also corrected a confusing typo I noticed in a comment.
TODO (or not TODO...?): the xscale's 2K "mini dcache" is not cleaned. This
cache is not used unless the 'X' bit in the page table entry is set. This is a
proprietary xscale extension to the ARM architecture. If a target's OS or
executive makes use of this for memory regions holding code, the breakpoint
problem will persist. Flushing the mini dcache requires that 2K of valid
cacheable memory (mapped with 'X' bit set) be designated by the user for this
purpose. The debug handler that gets downloaded to the target will also need to
be extended.
In the ft2232 driver, initialization for many layouts punts to a routine
called usbjtag_init(), instead of a routine specific to each layout.
That routine is a mess built around a "what type layout am I" core.
That's a bad design ... in this case, especially so, since it bypasses
the layout-specific dispatch which was just done, and obfuscates the
initialization which is at least somewhat generic, instead of being
specific to the "usbjtag" layout.
Split and document out the generic parts of usbjtag_init(), and make
the rest of those layouts have layout-specific init methods. Also,
rename usbjtag_reset() ... that also was not specific to the "usbjtag"
layout, and thus contributed to the previous code structure confusion.
(Eventually, all layout-specific code (and method tables) should probably
live in files specific to each layout. These changes will facilitate
those and other cleanups to this driver.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
the handling of caches, should be moved into the breakpoint
specific callbacks rather than being plonked into generic
memory write fn's.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Note that the FT4232 chips have four channels not two, and
Elaborate on uses of the additional channels.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
The implementation is now more straightforward as the
scan_fields have been greatly simplified over time.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
By a bit of code inspection it seems like all of these
instances of jtag_get_end_state() can be unambigously
replaced by constants.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Fix problem with the xscale icache and dcache commands. Both commands were
enabling or disabling the mmu, not the caches
I didn't look any further after my earlier patch fixed the trivial problem
with command argument parsing. Turns out the underlying code was broken.
The resolution is straightforward when you look at the arguments to
xscale_enable_mmu_caches() and xscale_disable_mmu_caches(). I finally
took a deeper look after dumping the cp15 control register (XSCALE_CTRL)
and seeing that the cache bits weren't changing, but the mmu bit was
(which caused all manner of grief, as you can imagine). This has been
tested and works OK now.
src/target/xscale.c | 17 +++++++++++------
1 files changed, 11 insertions(+), 6 deletions(-)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
So don't use the name "swjdp" for all DAPs; rename to
plain old "dap", which *is* always correct.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Not sure how the original "move code to adi_v5_swd.c" patch left
some code in the "arm_adi_v5.c" file, but a recent patch was only
a partial fix -- it didn't remove all the duplication.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
jtag_get/set_end_state() is now deprecated.
There were lots of places in the code where the end state was
unintentionally modified.
The big Q is whether there were any places where the intention
was to modify the end state. 0.5 is a long way off, so we'll
get a fair amount of testing.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
A fn was copied instead of moved to a new file. The linker
can discard exact copies of fn's without warning.
This is a C++'ism.
However on my Ubuntu 9.10 machine, it fails.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
The PIC32MX does not support the ejtag software reset - it is
optional in the ejtag spec.
We perform the equivalent using the microchip specific MTAP cmd's.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
The mips_m4k_assert_reset has now been restructured
so the variant ejtag_srst is not required anymore.
The ejtag software reset will be used if the target does not
have srst connected.
Remove ejtag_srst from docs.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
by ack'ing memory writes immediately and reporting either
at next memory write or stepi/continue time. GDB will then
send off a new packet that is ready by the time the previous
packet has been written to target memory.
On faster adapters this can be as much as 10% improvement.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Unused. If something should happen after context restore, then the
calling code can just do it afterwards.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Unclutter arm_adi_v5.c by moving most transport-specific code
to a transport-specific files adi_v5_{jtag,swd}.c ... it's not
a full cleanup, because of some issues which need to be addressed
as part of SWD support (along with implementing the DAP operations
on top of SWD transport):
- The mess where mem_ap_read_buf_u32() is currently coded to
know about JTAG scan chains, and thus needs rewriting before
it will work with SWD;
- Initialization is still JTAG-specific
Also move JTAG_{DP,ACK}_* constants from adi_v5.h to the JTAG
file; no other code should care about those values.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Until this time only basic SLC functionality exists when you want to use SLC to access external nand flash.
Basic functionality can be selected with command:
lpc3180 select 0 slc
It is anyway very slow to write/read to/from nand flash.
With the new command, SLC speed improved about 20 times, and hardware ECC info also read/written from/to nand flash OOB area:
lpc3180 select 0 slc bulk
Speed improvement achieved by using working are in SRAM of the LPC3250 chip and controlling DMA controller to interact between SRAM and SLC peripheral.
Here are the patches, and if they are ok than take them.
Tested with hitex LPC3250 usb stick.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Fixes bug that prevented users from specifying a base address of
0x80000000 or higher in image commands (flash write_image, etm image,
xscale trace_image).
image.base_address is an offset from the start address contained in
the image file (if there is one), or from 0 (for binary files). As a
signed 32-bit int, it couldn't be greater than 0x7fffffff, which is a
problem when trying to write a binary file to flash above that
address. Changing it to a 64-bit long long keeps it as a signed
offset, but allows it to cover the entire 32-bit address space.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
The SRST configuration options are not specific to JTAG, so this
command may be needed with non-JTAG debug sessions. Just move
the command to a different group.
(The TRST options are, however, clearly JTAG-specific, but for
compatibility, they're now left alone. The flags they control
could later be disabled in non-JTAG sessions.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Globally rename "jtag_nsrst_assert_width" as "adapter_nsrst_assert_width",
and move it out of the "jtag" command group ... it needs to be used with
non-JTAG transports
Includes a migration aid (in jtag/startup.tcl) so that old user scripts
won't break. That aid should Sunset in about a year.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Globally rename "jtag_nsrst_delay" as "adapter_nsrst_delay", and move it
out of the "jtag" command group ... it needs to be used with non-JTAG
transports
Includes a migration aid (in jtag/startup.tcl) so that old user scripts
won't break. That aid should Sunset in about a year.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Globally rename "jtag_khz" as "adapter_khz", and move it out of the "jtag"
command group ... it needs to be used with non-JTAG transports
Includes a migration aid (in jtag/startup.tcl) so that old user scripts
won't break. That aid should Sunset in about a year. (We may want to
update it to include a nag message too.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
These routines apply to non-JTAG debug adapters too. To
reduce confusion, give them better (non-misleading) names.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Streamline use of the layout: have the "ft2232_layout" command
look it up and save the result, instead of having a few different
chunks of code looking it up later, and saving just its name (which
is already part of the layout). This
- is cleaner
- reports errors sooner
- facilitates earlier adapter-specific setup
- removes unused "default to "usbjtag" logic
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Simple patch that fixes the broken xscale icache and dcache commands.
This broke when the helper functions and macros were changed.
[ dbrownell@users.sourceforge.net: don't use strcasecmp ]
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Remove undesirable
- backslashes at end-of-line;
- initializations of BSS data to zero/NULL;
- overlong lines (80+ characters)
- whitespace issues
- brackets around single-line statements
And other minor issues reported by the Linux "checkpatch" utility
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
This patch greatly simplifies the Versaloon driver:
- reducing the code size from more than 50K to less than 28K
- adding support for IR/DR scan with unlimited size
- using tap_get_tms_path and tap_get_tms_path_len.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
This includes a driver and matching config file. This support needs to be
enabled through the initial "configure" (use "--enable-buspirate").
Signed-off-by: Michal Demin <michaldemin@gmail.com>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
We'll need to be able to work with debug adapter interfaces (drivers)
even when they're not used for JTAG ... for example, while there are
multi-transport drivers which support JTAG *and* several other
transports (or just one more, like SWD) there are also adapters
with more limited goals (and no JTAG support at all).
Start decoupling the two concepts ("debug adapter driver", "jtag")
by having two command groups, which initialize separately.
This will help us support OpenOCD sessions using only non-JTAG
transports, in which JTAG commands should not be registered.
Update docs to mention that the JTAG, SVF, and XSVF commands
won't work without a JTAG transport.
Note that at least commands working with SRST are still inappropriately
coupled to JTAG ... inappropriate because (a) SRST is not part of the
JTAG standard, for all that many platforms (like ARM) expect it; and also
(b) because they're used with non-JTAG debug and programming interfaces,
too. They should perhaps become generic "interface" operations at some
point. (Similarly with the clock rate to be used by a given adapter.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Add flash algorithm support for the PIC32MX.
Still a few things todo but this dramatically decreases
the programing time, eg. approx programming for 2.5k test file.
- without fastload: 60secs
- with fastload: 45secs
- with fastload and algorithm: 2secs.
Add new devices to supported list.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Cannot protect or unprotect single sector in cfi flash.
When first==last the procedure fails.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
The table of command registration functions shouldn't be
in writable memory, where stray pointers can clobber it.
Also, it shouldn't be initialized at runtime; that just
consumes needless code space.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
At the end I have added comments /* FIXME: to be removed */
There are 3 lines in which my simplification is not complete due to
data dependency with LOG_DEBUG() messages visible in the patch.
Such log_debug has been introduced on Jan 22, 2007 with commit
4fc97d3f27 during development activity
in this file/procedure.
From my point of view, these logs can be removed, since not part of a
consistent flow of information.
Alternatively, could be borrowed in the new cfi_send_command(), but
this will increase verbosity.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
How many bits to shift out before/after enabled tap not
in bypass is calculated outside the loop. This is more of
a demonstration of principle and to clarify code than
a performance optimisation as such. Follows up a bit
on the simplification work in jtag interface.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
In the code a single field was all that was ever used. Makes
jtag_add_ir_scan() simpler and leaves more complicated stuff
to jtag_add_plain_ir_scan().
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
jtag_add_dr/ir_scan() now takes the tap as the first
argument, rather than for each of the fields passed
in.
The code never exercised the path where there was
more than one tap being scanned, who knows if it even
worked.
This simplifies the implementation and reduces clutter
in the calling code.
use jtag_add_ir/dr_plain_scan() for more fancy situations.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
JEDEC standard reports Vpp integer part encoded as 4 bit HEX value.
To print it using decimal digits, %u is required.
Other voltage values are coded as BCD, so %x is appropriate.
Code already prints one nibble at a time, so no need for field width
and precision in format string.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Get rid of needless and undesirable code duplication for
all the DAP commands (resolving a FIXME) ... there's no
need for coreas to have private copies of that stuff.
Stick a pointer to the DAP in "struct arm", letting common
code get to it.
Also rename the "swjdp_info" symbol; just call it "dap".
This is an overall code shrink.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
This partially corrects an inappropriate name choice (and its
associated FIXME).
There are still too many variables named "swjdp", bug little
current code actually relies on them referencing an SWJ-DP instead
of some other flavor of DAP. Only the two new dap_to{swd,jtag}()
calls could behave differently on an SWJ-DP instead of a SW-DP or
a JTAG-DP.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
When the beginning or end of the specified range of sectors
already has the requested protection status, don't ask the
flash driver to change those sectors.
This will among other things turn command sequences like
this into the NOPs one would expect:
flash protect_check 0
flash info 0
... reports everything as unprotected ...
flash protect 0 0 1 off
That speeds things up (by whatever work was just avoided).
Also, with Stellaris (which can't unprotect flash at page level)
this can eliminate some undesirable/false error reports. (And
finishes fixing a bug currently listed in our bug database...)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
The NOR infrastructure caches some per-sector state, but
it's not used much ... because the cache is not trustworthy.
This patch addresses one part of that problem, by ensuring
that state cached by NOR drivers gets invalidated once we
resume the target -- since targets may then modify sectors.
Now if we see sector protection or erase status marked as
anything other than "unknown", we should be able to rely
on that as being accurate. (That is ... if we assume the
drivers initialize and update this state correctly.)
Another part of that problem is that the cached state isn't
much used (being unreliable, it would have been unsafe).
Those issues can be addressed in later patches.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Give a more accurate failure message when trying to unprotect; don't
complain about pages being write protected, just say that unprotect is
not supported by the hardware ... referencing the new "recover" command,
which is the way to achieve that.
Likewise, when trying to protect, talk about "pages" (matching hardware
doc) not "sectors" (an concept that's alien to these chips).
Also make the helptext for the "recover" command mention that it
also erases the device.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Make ADIv5 internals use the two new transport-neutral calls for reading
and writing DP registers; and do the same for external callers. Also,
bugfix some of their call sites to handle the fault returns, instead of
ignoring them.
Remove most of the JTAG-specific calls, using their code as the bodies
of the JTAG-specific implementation for the new methods.
NOTE that there's a remaining issue: mem_ap_read_buf_u32() makes calls
which are JTAG-specific. A later patch will need to remove those, so
JTAG-specific operations can be removed from this file, and so that SWD
support will be able to properly drop in as just a transport layer to the
ADIv5 infrastructure. (The way read results are posted may need some more
attention in the transport-neutrality interface.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Make ADIv5 internals use the two new transport-neutral calls for reading
and writing DP registers. Also, bugfix some of their call sites to
handle the fault returns, instead of ignoring them.
Remove the old JTAG-specific calls, using their code as the bodies
of the JTAG-specific implementation for the new methods.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Make ADIv5 use one of the new transport-neutral interfaces: call
dap_run(), not jtagdp_transaction_endcheck().
Also, make that old interface private; and bugfix some of its call
sites to handle the fault returns, instead of ignoring them.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
To support both JTAG and SWD, ADIv5 needs DAP operations which are
transport-neutral, instead being of JTAG-specific. This patch:
- Defines such a transport-neutral interface, abstracting access
to DP and AP registers through a conceptual queue of operations.
- Builds the first implementation of such a transport with the existing
JTAG-specific code.
In contrast to the current JTAG-only interface, the interface adds
support for two previously-missing (and unused) DAP operations:
- aborting the current AP transaction (untested);
- reading the IDCODE register (tested) ... required for SWD init.
The choice of transports may be fixed at the chip, board, or JTAG/SWD
adapter level. Or if all the relevant hardware supports both transport
options, the choice may be made at runtime, This patch provides basic
infrastructure to support whichever choice is made.
The current "JTAG-only" transport choice policy will necessarily continue
for now, until SWD support becomes available in OpenOCD. Later patches
start phasing out JTAG-specific calls in favor of transport-neutral calls.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Add doxygen for target_resume() ... referencing the still-unresolved
confusion about what the "debug_execution" parameter means (not all
CPU support code acts the same).
The 'handle_breakpoints" param seems to have resolved the main issue
with its semantics, but it wasn't part of the function spec before.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Fix some issues with the generic LPC1768 config file:
- Handle the post-reset clock config: 4 MHz internal RC, no PLL.
This affects flash and JTAG clocking.
- Remove JTAG adapter config; they don't all support trst_and_srst
- Remove the rest of the bogus "reset-init" event handler.
- Allow explicit CCLK configuration, instead of assuming 12 MHz;
some boards will use 100 Mhz (or the post-reset 4 MHz).
- Simplify: rely on defaults for endianness and IR-Capture value
- Update some comments too
Build on those fixes to make a trivial config for the IAR LPC1768
kickstart board (by Olimex) start working.
Also, add doxygen to the lpc2000 flash driver, primarily to note a
configuration problem with driver: it wrongly assumes the core clock
rate never changes. Configs that are safe for updating flash after
"reset halt" will thus often be unsafe later ... e.g. for LPC1768,
after switching to use PLL0 at 100 MHz.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Correct a mistake made copying the ID of the Cortex-M3 ETM module
from the TRM, so that "dap info" on a CM3 with an ETM will now
correctly describe ROM table entries for such modules. (They are
included on LPC17xx and some other cores.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
The recent "add armv7m semihosting support" patch introduced two
build errors:
arm_semihosting.c: In function ‘do_semihosting’:
arm_semihosting.c:71: error: ‘spsr’ may be used uninitialized in this function
arm_semihosting.c:71: error: ‘lr’ may be used uninitialized in this function
This fixes those build errors. The behavior is, however, untested.
(Also, note the two new REVISIT comments.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
after clocking out a tms sequence, then the TAP will be
in some state. This state is now handed to the drivers.
TAP_INVALID is a possible state after a TMS sequence if
switching to SWD.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
core_type check is not required as the core function will be
null for cores that do not support the mcr/mrc functions.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
windows api does not define a posix sleep, use usleep that
has an openocd wrapper to the win32 native function.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
do_semihosting and arm_semihosting now check the core type and
use the generic arm structure.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Move semihosting cmd to the arm cmd group.
Targets that support semihosting will setup the
setup_semihosting callback function.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
- Add arm cmd group to armv7m cmd chain.
- arm cmd's now check the core type before running a cmd.
- todo: add support for armv7m registers for reg cmd.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
- add mips support for target algorithms.
- added handlers for target_checksum_memory and target_blank_check_memory.
- clean up long lines
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
- armv7m_run_algorithm now requires all algorithms to use
a software breakpoint at their exit address
- updated all algorithms to support this
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
The Redbee USB is a small form-factor usb stick from Redwire, LLC
(www.redwirellc.com/store), built around a Freescale MC13224V
ARM7TDMI + 802.15.4 radio (plus antenna).
It includes an FT2232H for debugging, with Channel B connected to the
mc13224v's JTAG interface (unusual) and Channel A connected to UART1.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
The Redbee Econotag is an open hardware development kit from
Redwire, LLC (www.redwirellc.com/store), for the Freescale
MC13224V ARM7TDMI + 802.15.4 radio.
It includes both an MC13224V and an FT2232H (for JTAG and UART
support). It has flexible power supply options.
Additional features are:
- inverted-F pcb antenna
- 36 GPIO brought out to 0.1" pin header
(includes all peripheral pins)
- Reset button
- Two push buttons (on kbi1-5 and kbi0-4)
- USB-A connector, powered from USB
- up to 16V external input
- pads for optional buck inductor
- pads for optional 32.768kHz crystal
- 2x LEDS on TX_ON and RX_ON
[ dbrownell@users.sourceforge.net: shrink lines; texi ]
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Stellaris chips have a procedure for restoring the chip to
what's effectively the "as-manufactured" state, with all the
non-volatile memory erased. That includes all flash memory,
plus things like the flash protection bits and various control
words which can for example disable debugger access. clearly,
this can be useful during development.
Luminary/TI provides an MS-Windows utility to perform this
procedure along with its Stellaris developer kits. Now OpenOCD
users will no longer need to use that MS-Windows utility.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Define two new DAP operations which use the new jtag_add_tms_seq()
calls to put the DAP's transport into either SWD or JTAG mode, when
the hardware allows.
Tested with the Stellaris 'Recovering a "Locked" Device' procedure,
which loops five times over both of these.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Implement the new TMS_SEQ command on FT2232 hardware.
Also, swap a bogus exit() call with a clean failure return.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
For support of SWD we need to be able to clock out special bit
sequences over TMS or SWDIO. Create this as a generic operation,
not yet called by anything, which is split as usual into:
- upper level abstraction ... here, jtag_add_tms_seq();
- midlayer implementation logic hooking that to the lowlevel code;
- lowlevel minidriver operation ... here, interface_add_tms_seq();
- message type for request queue, here JTAG_TMS.
This is done slightly differently than other operations: there's a flag
saying whether the interface driver supports this request. (In fact a
flag *word* so upper layers can learn about other capabilities too ...
for example, supporting SWD operations.)
That approach (flag) lets this method *eventually* be used to eliminate
pathmove() and statemove() support from most adapter drivers, by moving
all that logic into the mid-layer and increasing uniformity between the
various drivers. (Which will in turn reduce subtle bugginess.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
FT2232-family chips have two or more MPSSE modules. FTDI documentation
calls these channels. JTAG adapter drivers thus need to be able to choose
which channel to use. (For example, one channel may connect to a board's
microcontroller, while another connects to a CPLD.)
Since each channel has its own USB interface, libftdi (somewhat confusingly)
identifies channels using INTERFACE_* symbols. Most boards use INTERFACE_A
for JTAG, which is the default in OpenOCD. But some wire up a different one.
Note that there are two facets of what makes a wiring "layout":
- The mapping between debug signals map and channel signals ... embedded
in C functions.
- Label used in Tcl configuration scripts ... part of the "layout" structure.
By letting the channel be part of the layout struct, we permit sharing the C
functions between Tcl-visible layouts, when those signal mappings are reused.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
I have successfully programmed the AT90CAN128, based on the mega128
with some small modifications.
[ dbrownell@users.sourceforge.net: patch cleanup ]
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Highlight more of the internal JTAG-specific utilities, so it's
easier to identify code needing changes to become transport-neutral.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
zy1000 performance for GDB load went from 100kBytes/s
to 300kBytes/s @ 8 MHz by implementing the inner loop
of unack arm11 memory writes directly on top of the hw
fifo.
Profiling info:
78.57 0.77 0.77 arm11_run_instr_data_to_core_noack_inner
5.10 0.82 0.05 memcpy
4.08 0.86 0.04 jtag_tap_next_enabled
3.06 0.89 0.03 gdb_input
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
This allows minidrivers to e.g. hardware accelerate memory
writes.
Same trick as is used for arm7/9 dcc writes.
Added error propagation for memory transfer failures in
code rearrangement.
Also the JTAG end state is not updated until after
the memory write run is complete.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Use labeled initializers in the table of layouts instead of
positional ones. This ls cleaner and less error prone, plus
it simplifies patches which add members to these structure.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
When using an AP to access a memory (or a memory-mapped register),
some extra TCK (assuming JTAG) cycles should be added to ensure
the AP has enugh time to complete that access before trying to
collect the response.
The previous code was adding these cycles *before* trying to
access (read or write) data to that address, not *after*. Fix
by putting the delays in the right location.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
This removes context-sensitivity from the programming interface and makes
it possible to know what a block of code does without needing to know the
previous history (specifically, the DAP's "trans_mode" setting).
The mode was only set to ATOMIC briefly after DAP initialization, making
this patch be primarily cleanup; almost everything depends on COMPOSITE.
The transactions which shouldn't have been queued were already properly
flushing the queue.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
I have no idea what the scan_inout_check() was *expecting* to achieve by
issuing a read of the DP_RDBUFF register. But in any case, that code was
clearly never being called ("invalue" always NULL) ... so remove it, and
the associated comment.
Also rename it as ap_write_check(), facilitating a cleanup of its single
call site by removing constant parameters.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
adi_jtag_dp_scan_u32() now wraps adi_jtag_dp_scan(), removing
code duplication. Include doxygen for the former. Comment
some particularly relevant points. Minor fault handling fixes
for both routines: don't register a callback that can't run,
or return ERROR_OK after an error.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Pass up fault codes from various routines, so their callers
can clean up after failures, and remove the FIXME comments
highlighting those previously goofy code paths.
dap_ap_{read,write}_reg_u32()
dap_ap_write_reg()
mem_ap_{read,write}_u32()
mem_ap_{read,write}_atomic_u32()
dap_setup_accessport()
Make dap_ap_write_reg_u32() just wrap dap_ap_write_reg(),
instead of cloning its core code (and broken fault handling).
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Handling of AP (and AP register bank) selection, and cached AP
registers, is pretty loose ... start tightening it:
- It's "AP bank" select support ... there are no DP banks. Rename.
+ dap_dp_bankselect() becomes dap_ap_bankselect()
+ "dp_select_value" struct field becomes "ap_bank_value"
- Remove duplicate AP cache init paths ... only use dap_ap_select(),
and don't make Cortex (A8 or M3) cores roll their own code.
- For dap_ap_bankselect(), pass up any fault code from writing
the SELECT register. (Nothing yet checks those codes.)
- Add various bits of Doxygen
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Keep a handle to the PC in "struct arm", and use it.
This register is used a fair amount, so this is a net
minor code shrink (other than some line length fixes),
but mostly it's to make things more readable.
For XScale, fix a dodgy sequence while stepping. It
was initializing a variable to a non-NULL value, then
updating it to handle the step-over-active-breakpoint
case, and then later testing for non-NULL to see if
it should reverse that step-over-active logic. It
should have done like ARM7/ARM9 does: init to NULL.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Generalize the core of watchpoint setup so that it can handle
breakpoints too. Create breakpoint add/remove routines which
will use that, and hook them up to target types which don't
provide their own breakpoint support (nothing, yet).
This suffices for hardware-only breakpoint support. The ARM11
code will be able to switch over to this without much trouble,
since it doesn't yet handle software breakpoints. Switching
Cortex-A8 will be a bit more involved.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Address some FIXME comments by getting rid of globals, moving
per-core parameters in the existing per-core data structure.
This will matter most whenever there are multiple ARM11 cores,
e.g. ARM11 MPcore chips, but in general is just cleanup.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
This sets up a few of the core "struct arm" data structures so they
can be used with ARMv7-M cores. Specifically, it:
- defines new ARM core_modes to match the microcontroller modes
(e.g. HANDLER not IRQ, and two types of thread mode);
- Establishes a new microcontroller "core_type", which can be
used to make sure v7-M (and v6-M) cores are handled right;
- adds "struct arm" to "struct armv7m" and arranges for the
target_to_armv7m() converter to use it;
- sets up the arm.core_cache and arm.cpsr values
- makes the Cortex-M3 code maintain arm.map and arm.core_mode.
This is currently set up as a parallel data structure, primarily to
minimize special cases for the semihosting support with microcontroller
profile cores.
Later patches can rip out the duplicative ARMv7-M support and start
reusing core ARM code.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
The recent patch to fixbreakpoints and dcache handling added
a bunch of overlong lines (80+ chars) ... shrink them, and do
the same to a few lines which were already overlong.
Also add a few FIXME comments to nudge (a) replacement of some
magic numbers with opcode macros, which will be much better at
showing what's actually going on, and (b) correct return codes.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Fix an unused variable warning seen when building the parport driver
under FreeBSD.
Using information from Xiaofan Chen <xiaofanc@gmail.com>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Breakpoints did not work because the data cache was not flushed
properly.
As a bonus add capability to write to memory marked as read only
by the MMU, which allows software breakpoints in such memory
regions.
For folk who don't know the ARM920 JTAG interface very well, the
two modes of scan chain 15 access to CP15 are confusing.
Make those parts of the ARM920 code less opaque, by:
- Adding comments referencing the relevant parts of the TRM,
catching up to similar updates in the User's Guide.
- Replacing magic numbers in physical access clients with
symbolic equivalents.
No functional change.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
When a DSP563xx-aware GDB asks OpenOCD for target registers,
the result should be a GDB with register data ... not an
OpenOCD crash.
(Note that mainline GDB doesn't currently support this core,
so for now, this requires a GDB with FreeScale patches.)
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Issue warning to user when unlocking or writing the option bytes.
The new settings will not take effect until a target reset.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
Issue warning to user when unlocking or writing the option bytes.
The new settings will not take effect until a target reset.
Signed-off-by: Spencer Oliver <ntfreak@users.sourceforge.net>
This is a copy and paste of arm926ejs. Not tested, but
ready for testing at least. There is a good chance that
it will work if the generic armv4_5 fn's are robust enough...
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Copy of the 926ejs function. I have tested it only using
my rtems application (where virtual address mapping == physical).
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
reset init would get stuck in an infinite loop when
e.g. khz was too high. Added timeout. This is a copy
of paste of a number of such bugfixes in the arm11
code.
Arm11 code reviewed for further such infinite loop bugs
and I couldn't find any more. Xing fingers it's the last
one...
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Provide doxygen for many of the public ADIv5 interfaces (i.e. the ones
called from Cortex core support code).
Add FIXMEs (and a TODO) to help resolve implementation issues which
became more apparent when trying to document this code:
- Error-prone context-sensitivity (queued/nonqueued) in many procedures.
- Procedures that lie by ignoring errors and wrongly claiming success.
Also, there was no point in a return from dap_ap_select(); it can't fail,
and no caller checks its return status. Clean that up, make it void.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Init the ARMv7-M magic number. Define predicate verifying it.
Use it to resolve a lurking bug/FIXME: make sure the ARMv7-M
specific DAP ops reject non-ARMv7-M targets.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Segger publishes some documentation on this protocol;
reference it, so future maintainers can know it exists.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
The default state of the STR7 flash after a reset init is unlocked.
The information in the flash driver now reflects this.
The information about the lock status cannot be read from the
flash chip, so the user is informed that flash info might not
contain accurate information.
[dbrownell@users.sourceforge.net: line length shrinkage]
Signed-off-by: Edgar Grimberg <edgar.grimberg@zylin.com>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
The semihosting interface has a strange convention for read/write where
the unused amount of buffer must be returned. We failed to return the
total buffer size when the local read() call returned 0.
Signed-off-by: Nicolas Pitre <nico@marvell.com>
srst_asserted and power_restore can now be overriden to do
nothing. By default they will "reset init" the targets and
halt gdb.
Signed-off-by: Øyvind Harboe <oyvind.harboe@zylin.com>
Øyvind Harboe
Antonio Borneo
Thomas Koeller
gcembed
Jon Povey
Spencer Oliver
Gary Carlson
Jun Ma
Jun Ma
Karl Kurbjun
Matthias Bode
Tobias Ringström
Mike Dunn
michal smulski
Andreas Fritiofson
David Brownell
Anton Fedotov
Daniel Bäder
richard vegh
Bradey Honsinger
simon qian
Michal Demin
Mariano Alvira
Hans Peter Mortensn
Marc Pignat
Mathias Kuester
Edgar Grimberg
Nicolas Pitre